CVSROOT: /cvs
Module name: src
Changes by: [EMAIL PROTECTED] 2008/07/24 04:55:44
Modified files:
sys/netinet : ipsec_input.c
Log message:
ipsec is glued into the stack in a very weird way, violating all kinds
of expected semantics. thus, for return packets coming out of an ipsec
tunnel, we need to clear the pf state key pointer in the mbuf header
to prevent a state for encapsulated traffic to be linked to the
decapsulated traffic one.
problem noticed by Oleg Safiullin <[EMAIL PROTECTED]>, took me some
time to understand what the hell was going on. ok ryan
